'123456' Used by Millions as Password, Security Study Finds

posted by R.J. Johnson - @rickerthewriter -
Apr 22, 2019

It's time to change up your password - especially if you're one of the 23.2 million of users online who use '123456.'

The United Kingdom's National Cyber Security Centre (NCSC) released a list of the 100,000 most common passwords that appear in data breaches over the weekend in an effort to get people to begin taking their cyber-security more seriously. But despite several well-publicized stories about people's data being breached, the study appears to show that people still don't understand the importance of using a strong password.

According to the study, another popular choice for users online is 'qwerty,' with more than 3.8 million accounts using that to secure their account. 'Password' continues to be popular with people who can't seem to recall their password, with another 3.1 million accounts thinking '111111' will keep them safe.

Other commonly used passwords generally revolve around things like a simple series of numbers, or the same number being repeated several times.

There's also a lot of love being spread with 'iloveyou' as another popular choice for users. 'Monkey' and 'dragon' are also among the top twenty passwords used. And in what is certain to make Tom proud, 'myspace1' is ranked 26th on the list with more than 700,000 users nostalgic for a simpler time online.

People's names are another common theme when users choose their passwords. Thousands of users (who are probably named Ashley and Michael) used single names passwords like 'ashley' and 'michael.'

Not surprisingly, sports fans in England like to use names from their favorite football clubs as their password with 'liverpool' as the top choice to secure people's accounts. The other top Premier League football teams in the top five were also among the most commonly breached passwords, with 'chelsea' 'arsenal' 'manutd' and 'everton' showing up on the list.

“We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable," NCSC technical director Dr Ian Levy said in a statement. "Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band. Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password."

Experts recommend that people use three random words as a password to secure your account as well as numbers and special characters.